\chapter{Electronic Petitions}
\label{cha:Electronic Petitions}

\section{Introduction}

Petitions are generally defined as solemn requests to a
superior authority. Through them, citizens can express their support or
disagreement with government proposals, and provide feedback to government
institutions. Traditionally, petitions were a collection of ID numbers
accompanied by handwritten signatures on a hard copy, such that fake or
duplicate signatures could be eliminated. It was only a matter of time before goverments
arrived to the need of having automated methods to process
them. By using electronic petitions, it is much easier to reach a large number
of signers, and the signature verification process can be automated. 
However they also introduce new security and privacy challenges.

\section{Historic frame}
Throughout history, communication between citizens and authorities was strongly
influenced by the prevailing historic circumstances and technological advances.

Among the numerous possibilities to offer formal online participation channels
to citizens, electronic petitions were clearly at the forefront of official,
fully operational e-democracy activities of governments and parliaments. In
2000, the Scottish e-petitioner \cite{2-ep:scottish} was the first
e-petition system to be established by an elected parliament. Two years later, another regional parliament, the
Parliament of Queensland \cite{2-ep:queensland}, designed an e-petition system
of its own. Since 2005, Germany's Federal Parliament, the Bundestag
\cite{2-ep:germany}, is operating an e-petition system similar to the Scottish one. And at the local level, over a dozen Norwegian municipalities are offering epetitions
to their communities since 2005. Moreover, the British Parliament in London is also
seriously thinking about implementing an e-petition system in the near future (Proposals for an e-petitions system for the House of
Commons, 2010, \cite{2-ep:housecommons}). But not only parliaments, also
governments started to follow this path: The most famous example is the British
Prime Minister's e-petition system \cite{2-ep:british-prime-minister} which
started in 2006. This list could be continued with a number of other examples, such 
as the e-petition systems of the European Parliament
\cite{2-ep:european-parliament} or in South Korea.

\section{Security challenges}

Many of the currently available electronic petitions systems simply collect the
name and national ID number of signers. Given that this information is not secret,
it is impossible to check that the petition signer is really providing her own
data. In other words, it is not possible to detect cheating, which diminishes the
trustworthiness of the petition signature list. To prevent this, some e-petition
servers check the IP address of the signer and allow only one signature per IP
address. But this disenfranchises legitimate signers who share the IP address
with other people (note that in some organizations thousands of users share the
same IP address).
Due to these security problems, e-petitioning systems do not have any legal
relevance. Therefore criptographic methods, such as digital
signatures,  were introduced.
%eso de arriba resumirlo en pocas lineas

I DID NOT FOUND INFO ABOUT BELGIAN E-PETITIONS

However, any cryptographic method requires the management and distribution of a series 
of secret values. These
will be provided by electronic identity cards. In this thesis we will work with Belgium e-ID card. The Belgian electronic identity
card, is a rich source of personal data. The first Belgian electronic ID cards
were issued on March 31, 2003. Today there are about 10 million cards active.
These cards are mandatory for all citizens over 12 years of age, whereas they are optional for
 both minors and for foreign citizens. 
 
After obtaining the secret values of the secure element (the Belgium e-ID
 card in this case), these values are used to generate public certificates or
 public keys, necessary for the proper functioning of security protocols. Our
 first approach would be using them for signing petitions. However this has some
 drawbacks; the public e-ID certificate contains more privacy sensitive
 information that needed. This is against data minimization principle (Belgian Privacy Act of
1992). That leads to a trade-off between privacy and security.
 
To solve this problem it has been proposed the use of existing PKI-based
electronic IDs cards in combination with anonymous credential protocols.

\section{Legal background}

One important fact to mention here and for which the imporance of having secure
but privacy friendly e-petitions is non-neglegible is the following directive of the European Union:

Any citizen, acting individually or jointly with others, may at any time
exercise his right of petition to the European Parliament under Article 227
 of the Treaty on the Functioning of the European Union.

\textit{``Any citizen of the European Union, or resident in a Member State,
 may,
individually or in association with others, submit a petition to the European
 Parliament on a subject which comes within the European Union's fields of
  activity and which affects them directly. Any company, organisation or
   association with its headquarters in the European Union may also exercise
    this right of petition, which is guaranteed by the Treaty. A petition may
     take the form of a complaint or a request and may relate to issues of
      public or private interest.
The petition may present an individual request, a complaint or observation
concerning the application of EU law or an appeal to the European Parliament
 to adopt a position on a specific matter. Such petitions give the European
  Parliament the opportunity of calling attention to any infringement of a
   European citizen's rights by a Member State or local authorities or other institution.''}


%maybe-> for further information
